× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: dfb6a732af0b962771f5a84cd14eb0057fa7c63e9622ec08433db3abaada09ff
File name: gtbasic.dll
Detection ratio: 57 / 67
Analysis date: 2018-04-11 18:00:30 UTC ( 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.12706112 20180411
AegisLab Filerepmalware.Gen!c 20180411
AhnLab-V3 Trojan/Win32.Emotet.R216766 20180411
ALYac Trojan.Agent.Emotet 20180411
Antiy-AVL Trojan/Win32.TSGeneric 20180411
Arcabit Trojan.Generic.DC1E140 20180411
Avast Win32:Malware-gen 20180411
AVG Win32:Malware-gen 20180411
Avira (no cloud) TR/Crypt.ZPACK.oqqok 20180411
AVware Trojan.Win32.Generic!BT 20180411
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180411
BitDefender Trojan.GenericKD.12706112 20180411
CAT-QuickHeal Trojan.Dovs 20180411
ClamAV Win.Trojan.Emotet-6409744-0 20180411
Comodo UnclassifiedMalware 20180411
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170201
Cylance Unsafe 20180411
Cyren W32/Trojan.ZYWI-3803 20180411
Emsisoft Trojan.GenericKD.12706112 (B) 20180411
Endgame malicious (high confidence) 20180403
ESET-NOD32 Win32/Emotet.AZ 20180411
F-Prot W32/Emotet.MG 20180411
F-Secure Trojan.GenericKD.12706112 20180411
Fortinet W32/Kryptik.FZTF!tr 20180411
GData Win32.Trojan-Spy.Emotet.IP 20180411
Ikarus Trojan-Banker.Emotet 20180411
Sophos ML heuristic 20180121
Jiangmin Trojan.Dovs.dyo 20180411
K7AntiVirus Trojan ( 00521c821 ) 20180411
K7GW Trojan ( 00521c821 ) 20180411
Kaspersky Trojan.Win32.Dovs.epw 20180410
Malwarebytes Trojan.Emotet 20180411
MAX malware (ai score=100) 20180411
McAfee Emotet-FCY! 20180411
McAfee-GW-Edition BehavesLike.Win32.Emotet.cm 20180410
Microsoft Trojan:Win32/Emotet 20180411
eScan Trojan.GenericKD.12706112 20180411
NANO-Antivirus Trojan.Win32.Dovs.ewmfov 20180411
Palo Alto Networks (Known Signatures) generic.ml 20180411
Panda Trj/RnkBend.A 20180411
Qihoo-360 Trojan.Generic 20180411
Rising Trojan.Kryptik!8.8 (KTSE) 20180411
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/EncPk-ANR 20180411
SUPERAntiSpyware Trojan.Agent/Gen-Emotet 20180411
Symantec Trojan.Gen.2 20180411
Tencent Win32.Trojan.Dovs.Ehry 20180411
TrendMicro TROJ_GEN.R002C0RLS17 20180411
TrendMicro-HouseCall TSPY_HPEMOTET.SMDX8 20180411
VBA32 Trojan.Dovs 20180411
VIPRE Trojan.Win32.Generic!BT 20180411
ViRobot Trojan.Win32.Z.Emotet.200704.D 20180411
Webroot W32.Adware.Gen 20180411
Yandex Trojan.Dovs! 20180411
Zillya Trojan.Dovs.Win32.1851 20180411
ZoneAlarm by Check Point Trojan.Win32.Dovs.epw 20180411
Zoner Trojan.Emotet 20180411
Alibaba 20180411
Avast-Mobile 20180411
Bkav 20180410
CMC 20180410
Cybereason None
DrWeb 20180411
eGambit 20180411
Kingsoft 20180411
nProtect 20180411
Symantec Mobile Insight 20180406
TheHacker 20180410
TotalDefense 20180411
Trustlook 20180411
WhiteArmor 20180408
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (c) 1999-2006 by PHaX

Product GT2
Original name gtbasic.dll
Internal name gtbasic.dll
File version 0.35
Description General purpose library.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-12-28 00:00:08
Entry Point 0x00001B40
Number of sections 8
PE sections
PE imports
CryptDestroyKey
RegEnumKeyW
LookupPrivilegeNameA
CryptUnregisterDefaultOIDFunction
CreatePatternBrush
CreateBitmap
DeleteObject
GetRandomRgn
GetThreadPriority
GetConsoleOutputCP
lstrcmpA
GetSystemDefaultUILanguage
ReadFile
TlsGetValue
Sleep
GetSystemWow64DirectoryA
GetVersion
SetComputerNameA
MprConfigGetGuidName
UuidToStringW
SetupGetLineCountW
SHRegQueryInfoUSKeyW
PathIsDirectoryW
GetWindowLongA
SetTimer
IsWindow
GetOpenClipboardWindow
GetSubMenu
AdjustWindowRect
AnyPopup
GetClientRect
GetForegroundWindow
GetWindowPlacement
MessageBoxA
GetSystemMenu
GetWindowTextA
SetWindowTextA
SetWindowPos
timeGetSystemTime
midiOutClose
DeviceCapabilitiesW
SCardReconnect
StgOpenStorageOnILockBytes
Number of PE resources by type
RT_STRING 114
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 115
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.15

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
0.35.0.0

LanguageCode
German

FileFlagsMask
0x003f

FileDescription
General purpose library.

CharacterSet
Windows, Latin1

InitializedDataSize
184320

EntryPoint
0x1b40

OriginalFileName
gtbasic.dll

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
0.35

TimeStamp
2017:12:28 01:00:08+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
gtbasic.dll

ProductVersion
0.35

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

LegalCopyright
Copyright (c) 1999-2006 by PHaX

MachineType
Intel 386 or later, and compatibles

CompanyName
http://philip.helger.com/gt/

CodeSize
0

ProductName
GT2

ProductVersionNumber
0.35.0.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

Comment
http://philip.helger.com/gt/

Compressed bundles
File identification
MD5 fbee363b64902c42108b8b3f921dc228
SHA1 e7314da9335df28164c5fefae7016872fbeed220
SHA256 dfb6a732af0b962771f5a84cd14eb0057fa7c63e9622ec08433db3abaada09ff
ssdeep
3072:fE/0j/VB1W/84GTUJuZExZAEiZ8A3Gcnne26rsHsu:fE/0j/j1WUlwJZI

authentihash ca8761b2580beb74cfed6dd98e41b80565288f4233bd1d679f9881839bec6c47
imphash 0679572e267a1f6d9d65467b4632b4a1
File size 196.0 KB ( 200704 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2017-12-27 15:09:07 UTC ( 3 months, 4 weeks ago )
Last submission 2018-04-09 07:34:10 UTC ( 2 weeks, 2 days ago )
File names audiosearch.exe
2017-12-27-Emotet-shedulecart.exe
gtbasic.dll
2017-12-27-Emotet-shedulecart.exe.rename
Emotet-shedulecart.exe
msiservice.exe
25880056.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
UDP communications